kbdcontrol -l affects all vty's, not just the current one

nntp.dragonflybsd.org memmerto at yahoo.com
Sun Jun 20 21:04:07 PDT 2004


"Chris Pressey" <cpressey at xxxxxxxxxxxxxxx> wrote in message
news:20040620173840.656ff23e.cpressey at xxxxxxxxxxxxxxxxxx
> While testing Tim Wickberg's kbdmap submission I found an interesting
> bug in syscons.  Keyboard mappings are global to syscons rather than
> per-vty.  I've tried it on FreeBSD 4.9 and it has the same behaviour, so
> it's something we've inherited.  To reproduce it, try this:
>
> - login in one vty as an unprivileged user
> - kbdcontrol -l a_different_keymap_file_from_what_you_usually_use
> - switch to another vty
> - login as root
> - type something.
>
> It's not so much a serious security hole as it's just offensive to UNIX
> sensibilities of how an unprivileged user is not supposed to be able to
> change the properties of something they don't own :-/

Agreed.

> (Simon 'corecode' Schubert pointed out that, even if the kbdmap was
> per-vty, nothing would stop an unprivileged user from loading a keyboard
> map of all NUL's, which would disable further logins and/or switching to
> another vty.  So I'm not really sure what can be done about it...)

1) Make keyboard maps per-vty.
2) Make root the only user able to change keyboard maps on vtys.

If both of these changes are implemented, then only root users can shoot
themselves in the foot with an all-NULL keyboard map.

--
Matt Emmerton






